
Data Breach and DDoS Attacks Take Archive.org and Open Library Offline

Digital collections appear safe after the attacks, which raised website security questions even as the attackers faced criticism.

Key Takeaways

  • The massive 57-petabyte Internet Archive has been hit by a data breach, website defacement, exfiltration and DDoS attacks in recent days.
  • The breach and DDoS attacks so far appear unconnected.
  • A copy of a user authentication database containing the email addresses and credentials of 31 million users has been provided to Have I Been Pwned.
  • The attackers have faced criticism for attacking a nonprofit whose goal is to preserve knowledge.
  • Questions have been raised about Archive’s handling of JavaScript, which appears central to the breach.
  • As of now, Archive.org and Open Library are offline, and recovery efforts are expected to take “days, not weeks.”

Overview

The Internet Archive has taken its Archive.org and OpenLibrary.org sites offline in response to a data breach and repeated DDoS attacks.

The breach of a user authentication database, which exposed the email addresses and credentials of 31 million users, likely occurred on Sept. 28, as that is the most recent date in a 6.4GB SQL file provided to Troy Hunt of Have I Been Pwned. Archive users did not become aware of the breach until two days ago, when a JavaScript alert appeared on the site that read, “Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened. See 31 million of you on HIBP!”

Internet Archive founder Brewster Kahle confirmed the attacks and website defacement in a tweet on October 9: “DDOS attack–fended off for now; defacement of our website via JS library; breach of usernames/email/salted-encrypted passwords. What we’ve done: Disabled the JS library, scrubbing systems, upgrading security.”

The DDoS attacks returned yesterday, and the Internet Archive took Archive.org and Open Library offline, opting for “being cautious and prioritizing keeping data safe at the expense of service availability.”

In an update today, Kahle said: “The data is safe. Services are offline as we examine and strengthen them. Sorry, but needed. @internetarchive staff is working hard. Estimated Timeline: days, not weeks.”

In the meantime, this notice appears on the Archive home page, and the Open Library site was down at the time of publication:


Breach and DDoS Attacks May Not Be Linked

Shortly after the breach became public, the DDoS attacks were launched by the threat actor group SN_BLACKMETA. In an alert to clients, Cyble said there is as of yet no evidence that the breach and DDoS attacks are related.

“There is no correlation whether the threat actor group SN_BLACKMETA who is behind the DDoS attacks is the same group that also breached Internet Archive,” Cyble said in the alert.

SN_BLACKMETA appears to misunderstand the nature of the non-governmental, non-profit Internet Archive, as the threat group stated as its motive for the attacks that “the archive belongs to the USA, and as we all know, this horrendous and hypocritical government supports the genocide that is being carried out by the terrorist state of “Israel”.”

Commenters on Twitter and apparently even in the group’s own Telegram channel (now taken down) criticized targeting the Internet Archive, which has preserved a vast amount of data and records on a small budget. At last count, the Archive contained 57 petabytes of data and more than 866 billion web pages across four data centers in its mission to provide “universal access to all knowledge.”

On Mastodon, independent cybersecurity researcher Kevin Beaumont said, “that isn’t sticking it to some evil multinational, it’s attacking a genuinely great resource run on near nothing resource, sweat and tears. If you’re going to attack things – please aim better.”

Archive Website Security Questioned

In the wake of the attacks, questions are being raised about the Internet Archive’s website security, which allowed a breach, exfiltration, defacement and DDoS attacks within a short time period.

“A Website as large as archive.org should be able to isolate hashed passwords from public accessible Javascript,” one commenter noted. “Wikipedia makes extensive use of Javascript. As far as I know, Javascript is disabled on preferences pages and login pages.”

